SEC brings enforcement action for use of confidentiality agreements that impede whistleblowers

Well, the folks in the SEC’s whistleblower office were looking for a case to bring and it looks like they found one. As indicated in this press release, today, the SEC announced that it had brought “its first enforcement action against a company for using improperly restrictive language in confidentiality agreements with the potential to stifle the whistleblowing process.”

As discussed in this post, the director of the SEC’s whistleblower office, Sean McKessy, said in an interview that he was encouraging his staff to be “on the hunt” for instances involving problematic severance, employment or confidentiality agreements that include language in the agreement that crosses the “fine line” from “encouraging” to effectively “forcing” internal reporting to the exclusion of reporting to the SEC, even if the prohibition on external reporting is not explicit. McKessy did not identify the precise type of language he found problematic, adding only that “’[y]ou’ll see it when we bring it….We are going to bring cases that will show there is language out there.” According to McKessy, improper contract provisions were “’the new thing that I’ve got people really enthusiastic for.’”

Apparently, the hunters found their prey. In this settled action, the SEC charged KBR, Inc. with violating whistleblower protection Rule 21F-17, adopted as part of Dodd-Frank. That rule prohibits any person from taking “any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.”

According to the SEC Order in this case, when KBR receives an allegation of improper or unethical conduct, including an allegation regarding federal securities law violations, its practice is to conduct an internal investigation. As part of that process, KBR uses a form confidentiality agreement for employees interviewed. The Order acknowledges that “use of the form confidentiality statement is not required by KBR policy.” However, “the statement is included as an enclosure to the KBR Code of Business Conduct Investigation Procedures manual, and KBR investigators have had witnesses sign the statement at the start of an interview.”

The confidentiality agreement contained the following language:

“I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.”

The Order makes clear that the SEC found no instances where “(i) a KBR employee was in fact prevented from communicating directly with Commission Staff about potential securities law violations, or (ii) KBR took action to enforce the form confidentiality agreement or otherwise prevent such communications….” Nevertheless, the SEC viewed the language in the form confidentiality agreement, including the threat of disciplinary action, to be a potential impediment to SEC reporting by employees interviewed, thereby undermining the whistleblower rule’s purpose to encourage SEC reporting. According to the Director of SEC Enforcement, by “requiring its employees and former employees to sign confidentiality agreements imposing pre-notification requirements before contacting the SEC, KBR potentially discouraged employees from reporting securities violations to us….SEC rules prohibit employers from taking measures through confidentiality, employment, severance, or other type of agreements that may silence potential whistleblowers before they can reach out to the SEC. We will vigorously enforce this provision.”

KBR agreed to pay a civil penalty of $130,000, to advise KBR employees who had signed the confidentiality agreement about the Order and to include the following language in its form confidentiality agreement:

“Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.”

McKessy cautioned other companies to “similarly review and amend existing and historical agreements that in word or effect stop their employees from reporting potential violations to the SEC.” Companies may want to take that message to heart by reviewing their standard confidentiality, employment and severance agreements to determine if they contain any provisions that could be considered similarly restrictive. If so – or perhaps even if not – companies may want to consider adding the type of explicit clarifying language set forth above.

This blog is provided for general informational purposes only and no attorney-client relationship with the law firm Cooley LLP and Cooley (UK) LLP is created with you when you use the blog. By using the blog, you agree that the information on this blog does not constitute legal or other professional advice. Do not send any confidential information through the blog or by email to Cooley LLP and Cooley (UK) LLP, neither of whom will have any duty to keep it confidential. The blog is not a substitute for obtaining legal advice from a qualified attorney licensed in your state. The information on the blog may be changed without notice and is not guaranteed to be complete, correct or up-to-date, and may not reflect the most current legal developments. The opinions expressed on the blog are the opinions of the authors only and not those of Cooley LLP and Cooley (UK) LLP.